1 telecommuters sharing one vpn rule example, 2 telecommuters using unique vpn rules example – ZyXEL Communications P-334U User Manual
Page 166
P-334U/P-335U User’s Guide
166
Chapter 13 IPSec VPN
13.10.1 Telecommuters Sharing One VPN Rule Example
See the following figure and table for an example configuration that allows multiple
telecommuters (A, B and C in the figure) to use one VPN rule to simultaneously access a
ZyXEL Device at headquarters (HQ in the figure). The telecommuters do not have domain
names mapped to the WAN IP addresses of their IPSec routers. The telecommuters must all
use the same IPSec parameters but the local IP addresses (or ranges of addresses) should not
overlap.
Figure 97 Telecommuters Sharing One VPN Rule Example
Table 57 Telecommuters Sharing One VPN Rule Example
FIELDS
TELECOMMUTERS
HEADQUARTERS
My ZyXEL Device:
0.0.0.0 (dynamic IP address
assigned by the ISP)
Public static IP address
Remote Gateway
Address:
Public static IP address
0.0.0.0 With this IP address only
the telecommuter can initiate the
IPSec tunnel.
Local Network - Single
IP Address:
Telecommuter A: 192.168.2.12
Telecommuter B: 192.168.3.2
Telecommuter C: 192.168.4.15
192.168.1.10
Remote Network -
Single IP Address:
192.168.1.10
Not Applicable
13.10.2 Telecommuters Using Unique VPN Rules Example
In this example the telecommuters (A, B and C in the figure) use IPSec routers with domain
names that are mapped to their dynamic WAN IP addresses (use Dynamic DNS to do this).
With aggressive negotiation mode (see
), the ZyXEL Device can
use the ID types and contents to distinguish between VPN rules. Telecommuters can each use
a separate VPN rule to simultaneously access a ZyXEL Device at headquarters. They can use
different IPSec parameters. The local IP addresses (or ranges of addresses) of the rules
configured on the ZyXEL Device at headquarters can overlap. The local IP addresses of the
rules configured on the telecommuters’ IPSec routers should not overlap.